Class: Confluence::Jobs::IstLdapSync

Inherits:

Object

• Object
• Confluence::Jobs::IstLdapSync

Defined in:

lib/confluence/jobs/ist_ldap_sync.rb

Constant Summary

IST_GROUP =

'ucb-ist'

USER_GROUP =

'confluence-users'

DISABLED_SUFFIX =

' (ACCOUNT DISABLED)'

Instance Method Summary

• #confluence_user_names ⇒ Array<String>

  Confluence user names.

• #eligible_for_confluence?(person) ⇒ Boolean
• #execute ⇒ Object

  Run the job.

• #find_in_confluence(name) ⇒ Confluence::User^?
• #find_in_ldap(ldap_uid) ⇒ UCB::LDAP::Person^?
• #find_or_new_user(ldap_uid) ⇒ Confluence::User

  Retrieves the user if they already exist in Confluence.

• #in_ist?(person) ⇒ Boolean
• #initialize ⇒ IstLdapSync constructor

  A new instance of IstLdapSync.

• #ist_people(str = "UCBKL-AVCIS-VRIST-*") ⇒ Array<UCB::LDAP::Person>

  All of the people in IST.

• #log_job ⇒ Object
• #logger ⇒ Object
• #sync_ist_from_confluence ⇒ Object

  Remove a confluene user from the IST_GROUP if LDAP indicates they are no longer part of IST.

• #sync_ist_from_ldap ⇒ Object

  If the IST LDAP person is not in confluence, add them.

Constructor Details

#initialize ⇒ IstLdapSync

Returns a new instance of IstLdapSync.

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 14

def initialize()
  @new_users = []
  @modified_users = []
end

Instance Method Details

#confluence_user_names ⇒ Array<String>

Returns confluence user names.

Returns:

• (Array<String>) —

  confluence user names.

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 102

def confluence_user_names()
  Confluence::User.active.map(&:name)
end

#eligible_for_confluence?(person) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 149

def eligible_for_confluence?(person)
  valid_affiliations = person.affiliations.inject([]) do |accum, aff|
    if aff =~ /AFFILIATE-TYPE.*(ALUMNUS|RETIREE|EXPIRED|ADVCON)/
      accum
    elsif aff =~ /AFFILIATE-TYPE.*/
      accum << aff
    end
    accum
  end
  
  person.employee? || !valid_affiliations.empty?
end

#execute ⇒ Object

Run the job

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 22

def execute()
  @new_users.clear()
  @modified_users.clear()
  sync_ist_from_ldap()
  sync_ist_from_confluence()
  log_job()
end

#find_in_confluence(name) ⇒ Confluence::User^?

Parameters:

• user's (String) —

  confluence account name.

Returns:

• (Confluence::User, nil)

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 130

def find_in_confluence(name)
  Confluence::User.find_by_name(name)
end

#find_in_ldap(ldap_uid) ⇒ UCB::LDAP::Person^?

Parameters:

• user's (String) —

  ldap uid

Returns:

• (UCB::LDAP::Person, nil)

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 138

def find_in_ldap(ldap_uid)
  UCB::LDAP::Person.find_by_uid(ldap_uid)
end

#find_or_new_user(ldap_uid) ⇒ Confluence::User

Retrieves the user if they already exist in Confluence. Otherwise, returns a new record that has not yet been persisted to Confluence.

Parameters:

• the (String) —

  user’s ldap uid

Returns:

• (Confluence::User)

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 122

def find_or_new_user(ldap_uid)
  Confluence::User.find_or_new_from_ldap(ldap_uid)
end

#in_ist?(person) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 142

def in_ist?(person)
  person.berkeleyEduDeptUnitHierarchyString.each do |str|
    return true if str =~ /UCBKL-AVCIS-VRIST-.*/
  end
  false
end

#ist_people(str = "UCBKL-AVCIS-VRIST-*") ⇒ Array<UCB::LDAP::Person>

All of the people in IST.

Returns:

• (Array<UCB::LDAP::Person>)

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 111

def ist_people(str = "UCBKL-AVCIS-VRIST-*")
  UCB::LDAP::Person.search(:filter => {"berkeleyedudeptunithierarchystring" => str})
end

#log_job ⇒ Object

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 81

def log_job()
  msg = "#{self.class.name}\n\n"
  
  msg.concat("Modified Users\n\n")
  @modified_users.each { |u| msg.concat(u.to_s()) }
  msg.concat("\n")
  
  msg.concat("New Users\n\n")
  @new_users.each { |u| msg.concat(u.to_s()) }
  msg.concat("\n")
  
  logger.info(msg)
end

#logger ⇒ Object

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 95

def logger()
  Confluence.logger
end

#sync_ist_from_confluence ⇒ Object

Remove a confluene user from the IST_GROUP if LDAP indicates they are no longer part of IST

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 65

def sync_ist_from_confluence()
  confluence_user_names.each do |name|
    next if name == "conflusa"      
    
    ldap_person = find_in_ldap(name)
    next if ldap_person.nil?
    
    if !in_ist?(ldap_person)
      user = find_in_confluence(name)
      next if user.nil?
      user.leave_group(IST_GROUP)
      @modified_users << user        
    end
  end
end

#sync_ist_from_ldap ⇒ Object

If the IST LDAP person is not in confluence, add them. If they are in confluence but not part of the IST_GROUP, give them membership.

# File 'lib/confluence/jobs/ist_ldap_sync.rb', line 34

def sync_ist_from_ldap()
  ist_people.each do |ldap_person|
    next unless eligible_for_confluence?(ldap_person)

    user = find_or_new_user(ldap_person.uid())

    if user.new_record?
      user.save()
      user.join_group(Confluence::User::DEFAULT_GROUP)
      @new_users << user        
    end
    
    unless user.groups.include?(IST_GROUP)
      user.join_group(IST_GROUP)
      @modified_users << user
    end

    # Check if user belongs to users_confluence, if not add them
    # Remove the (ACCOUNT DISABLED) from their fullname
    unless user.groups.include?(USER_GROUP)
      user.fullname=user.fullname.gsub(DISABLED_SUFFIX,"")
      user.save()
      user.join_group(USER_GROUP)
    end
   end
end